WO2022166502A1

WO2022166502A1 - Data protection method and system, and medium and electronic device

Info

Publication number: WO2022166502A1
Application number: PCT/CN2021/143962
Authority: WO
Inventors: 韩华元; 马兵; 李�杰; 王魁; 周旋; 陈磊; 李强
Original assignee: 华为技术有限公司
Priority date: 2021-02-04
Filing date: 2021-12-31
Publication date: 2022-08-11
Also published as: US20240095408A1; EP4266202A4; CN112966297A; CN112966297B; EP4266202A1

Abstract

Disclosed are a data protection method and system, and a medium and an electronic device, which belong to the technical field of communications. In the embodiments of the present application, the method comprises: a first electronic device establishing a communication connection with a second electronic device, wherein the first electronic device is a trusted device of the second electronic device; and upon detecting a first trigger condition, the first electronic device sending first data to the second electronic device, wherein the first data is used for triggering the second electronic device to enter a maintenance mode. By means of the embodiments of the present application, a second electronic device is triggered by a first electronic device to enter a maintenance mode, thereby protecting data of the electronic device.

Description

Data protection method, system, medium and electronic device

This application claims the priority of the Chinese patent with the application number 202110158831.1 and the title of the invention "Data Protection Method, System, Medium and Electronic Device", which was filed with the China Patent Office on February 04, 2021, the entire contents of which are incorporated herein by reference Applying.

technical field

The present application relates to the technical field of device management, and in particular, to a data protection method, system, medium and electronic device.

Background technique

The use of electronic devices plays an increasingly important role in daily life. Taking mobile phones as an example, they can carry a large amount of user personal data, such as instant chat records, photos, address books, videos, recordings, schedule records, itineraries records, etc. In scenarios such as electronic equipment maintenance or loaning of electronic equipment, the data in electronic equipment can be easily viewed, exported or externally transmitted.

SUMMARY OF THE INVENTION

The embodiments of the present application provide a data protection method for protecting data of an electronic device.

In a first aspect, an embodiment of the present application provides a data protection method, which is applied to a first electronic device. The method includes: establishing a communication connection between the first electronic device and a second electronic device, wherein the first electronic device is A trusted device of the second electronic device; detecting a first trigger condition, the first electronic device sends first data to the second electronic device, wherein the first data is used to trigger the second electronic device The electronic device enters service mode. Among them, the electronic equipment entering the maintenance mode can protect its data, and prevent the electronic equipment data from being viewed, exported or externally transmitted.

In the embodiment of the present application, when a first trigger condition is detected, the first electronic device sends the first data to the second electronic device to trigger the second electronic device to enter the maintenance mode, so as to trigger the first electronic device to trigger the second electronic device. The second electronic device enters the maintenance mode to protect the data of the first electronic device and the second electronic device, and prevent the data of the first electronic device and the second electronic device from being viewed, exported or externally transmitted.

Optionally, the first trigger condition includes: the first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode. Wherein, the first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode, that is, the first electronic device is in a non-safe environment, and the first electronic device and the The data of the second electronic device can be easily viewed, exported or externally transmitted. For this reason, it is necessary to protect the data of the first electronic device and the second electronic device when the first electronic device networked with the second electronic device is in a non-secure environment. The second electronic device is triggered to enter the maintenance mode by the first electronic device, so as to protect the data of the second electronic device and prevent the second electronic device from being in an unsafe environment.

Optionally, the first trigger condition further includes that the first electronic device requests the second electronic device to provide detection authority. Wherein, the first electronic device requests the second electronic device to provide detection authority, that is, the second electronic device will be in a non-secure environment. During the detection of the second electronic device, the data of the second electronic device can be easily viewed, exported or externally transmitted. It is necessary to trigger the second electronic device to enter the maintenance mode through the first electronic device, so as to protect the data of the second electronic device and prevent the second electronic device from being in an unsafe environment.

Optionally, the first trigger condition includes: the first electronic device receives an instruction input by a user to instruct the second electronic device to enter a maintenance mode. Wherein, the user can trigger the second electronic device to enter the maintenance mode through the first electronic device based on personal needs, and realize the protection of the data of the electronic device based on the user's needs.

Optionally, entering the maintenance mode of the first electronic device includes: encrypting private data.

Optionally, entering the maintenance mode of the first electronic device includes: providing a detection authority to implement maintenance detection of the first electronic device.

Optionally, entering the maintenance mode of the first electronic device includes: providing a maintenance detection space; and opening an access authority of the maintenance detection space to a trusted device of the first electronic device.

In a second aspect, an embodiment of the present application provides a data protection method, which is applied to a second electronic device. The method includes: establishing a communication connection between the second electronic device and the first electronic device, wherein the second electronic device is A trusted device of the first electronic device; receiving first data sent by the first electronic device; entering a maintenance mode according to the first data. The second electronic device enters the maintenance mode according to the first data sent by the first electronic device to protect the data of the second electronic device.

Optionally, the first data includes one of the following information: the first electronic device is in a maintenance detection state, the first electronic device is in a maintenance mode, and the first electronic device enters a maintenance mode.

Optionally, the first data further includes information for requesting the second electronic device to provide detection authority.

Optionally, the first data includes information input by a user to instruct the second electronic device to enter a maintenance mode.

Optionally, the entering into the maintenance mode according to the first data includes: encrypting private data.

Optionally, the entering into the maintenance mode according to the first data further includes: providing a detection authority to implement maintenance detection on the second electronic device.

Optionally, the entering into the maintenance mode according to the first data further includes: providing a maintenance detection space; and opening the access authority of the maintenance detection space to a trusted device of the second electronic device.

In a third aspect, an embodiment of the present application provides a data protection system, including at least a first electronic device and a second electronic device; the first electronic device establishes a communication connection with the second electronic device, wherein the first electronic device The second electronic device is a trusted device of the first electronic device; the first electronic device sends first data to the second electronic device under a first trigger condition; the second electronic device receives the first data data; the second electronic device enters a maintenance mode according to the first data.

In a fourth aspect, an embodiment of the present application provides a data protection system, including a cloud server and at least one electronic device; the cloud server establishes a communication connection with the at least one electronic device, wherein the cloud server is the at least one electronic device. A trusted device of an electronic device; when a first trigger condition is detected, the electronic device sends first data to the cloud server; the cloud server receives the first data; the cloud server receives the first data according to the first data Enter service mode.

In a fifth aspect, a computer-readable storage medium is provided, and the computer-readable storage medium stores computer program code, and when the computer program code is executed by a computing device, the computing device executes the above-mentioned method.

In a fifth aspect, an electronic device is provided, the electronic device includes a processor and a memory, the memory is used to store a set of computer instructions, when the processor executes the set of computer instructions, the computing device Perform the method described above.

The technical effects obtained by the second aspect, the third aspect, the fourth aspect and the fifth aspect are similar to the technical effects obtained by the corresponding technical means in the first aspect, and will not be repeated here.

The beneficial effects brought by the technical solution provided by this application include at least:

In this embodiment of the present application, the first electronic device is used to trigger the second electronic device to enter the maintenance mode, the data of the first electronic device and the second electronic device are protected, and the first electronic device or the second electronic device is prevented from being in an unsafe environment Then, the data of the first electronic device and the second electronic device are viewed, exported or externally transmitted, and the data of the first electronic device and the second electronic device are protected.

Description of drawings

FIG. 1 is a simplified schematic diagram of a system architecture provided by an embodiment of the present application.

FIG. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

FIG. 3 is a block diagram of a software structure of an electronic device in an embodiment of the present application.

FIG. 4 is a schematic flowchart of a data protection method provided by an embodiment of the present application.

FIG. 5a is a schematic diagram of a main interface before maintenance provided by an embodiment of the present application.

FIG. 5b is a schematic diagram of a service application interface provided by an embodiment of the present application.

FIG. 6a is a schematic diagram of a main interface after maintenance provided by an embodiment of the present application.

FIG. 6b is a schematic diagram of a pre-maintenance memorandum interface provided by an embodiment of the present application.

FIG. 6c is a schematic diagram of a post-maintenance memo interface provided by an embodiment of the present application.

FIG. 7a is a schematic diagram of a common application accessing data in a maintenance mode according to an embodiment of the present application.

FIG. 7b is a schematic diagram of accessing data by a maintenance mode application in a maintenance mode according to an embodiment of the present application.

FIG. 8 is a schematic flowchart of another data protection method provided by an embodiment of the present application.

FIG. 9 is a schematic flowchart of another data protection method provided by an embodiment of the present application.

FIG. 10 is a schematic flowchart of another data protection method provided by an embodiment of the present application.

FIG. 11 is a schematic diagram of a data protection scenario provided by an embodiment of the present application.

FIG. 12 is a schematic flowchart of another data protection method provided by an embodiment of the present application.

FIG. 13 is a schematic diagram of another data protection scenario provided by an embodiment of the present application.

FIG. 14 is a schematic flowchart of another data protection method provided by an embodiment of the present application.

FIG. 15 is a schematic diagram of another data protection scenario provided by an embodiment of the present application.

FIG. 16 is a schematic diagram of a permission setting interface provided by an embodiment of the present application.

FIG. 17 is a schematic diagram of another permission setting interface provided by an embodiment of the present application.

FIG. 18 is a schematic diagram of another permission setting interface provided by an embodiment of the present application.

Detailed ways

It should be noted that, in this application, "at least one" refers to one or more, and "a plurality" refers to two or more. "And/or", which describes the relationship between the associated objects, means that there can be three relationships, for example, A and/or B can mean: A alone exists, A and B exist at the same time, and B exists alone, where A, B Can be singular or plural. The terms "first", "second", "third", "fourth", etc. (if present) in the description and claims of this application and the drawings are used to distinguish similar objects, not to Describe a particular order or sequence.

It will be understood that when an element (eg, a first element) is referred to as being "(operatively or communicatively) coupled to another element (eg, a second element)" or "connected to" another element, it will be understood that It may be directly coupled/coupled or connected to another element or intervening elements (eg, a third element) may be present. In contrast, when an element (eg, a first element) is referred to as being "directly coupled" or "directly connected to" another element (eg, a second element), it will be understood that there are no intervening elements (eg, a first element) present three elements).

Please refer to FIG. 1 , which is a simplified schematic diagram of a system architecture provided by an embodiment of the present application. As shown in FIG. 1 , the system architecture may include a first electronic device 10 , a second electronic device 20 and a cloud server 30 . The first electronic device 10, the second electronic device 20 and the cloud server 30 are connected to the same network 40, where the network 40 may include a wide area network, a metropolitan area network, and a local area network. The first electronic device 10 and the second electronic device 20 are connected to the same local area network, specifically, the first electronic device 10 and the second electronic device 20 establish a wireless connection with the same wireless access point. For example, the first electronic device 10 and the second electronic device 20 are connected to the same wireless fidelity (Wireless Fidelity, WI-FI) hotspot. For example, the first electronic device 10 and the second electronic device 20 can also be connected through the Bluetooth protocol. under the same bluetooth beacon. The first electronic device 10 and the second electronic device 20 establish a wired connection. For example, the first electronic device 10 is connected to the second electronic device 20 through a wired connection medium such as optical fiber or copper wire.

The first electronic device 10 supports a data access protocol and can provide data as a server. Exemplarily, the first electronic device 10 may be a mobile phone, a tablet computer, etc., the specific structure of which is shown in FIG. 2 and will be described in detail in the following embodiments. The second electronic device 20 also supports the above-mentioned data access protocol, and can access the data in the first electronic device 10 as a client. In some embodiments, the second electronic device 20 may specifically be a mobile phone or a computer, and the above-mentioned computer may be a desktop computer or a notebook computer, such as a Mac notebook computer from Apple, a Windows notebook computer from companies such as Huawei, and the like.

Wherein, the first electronic device 10 and the second electronic device 20 may be connected to the cloud server 30 through the network 40, and the connection manner of the network 40 between the electronic devices and the cloud server 30 may include wired or wireless connection. Cloud servers are used to store data uploaded by other electronic devices. The first electronic device 10 or the second electronic device 20 can store its data including applications, program parameters, files, etc. on the cloud server 30 , and the first electronic device 10 or the second electronic device 20 can also download and store from the cloud server 30 Data on cloud server 30. The cloud server 30 may include Huawei Cloud, Amazon, Alibaba Cloud, Tencent Cloud, Baidu Cloud, and the like.

It can be understood that, in some cases, the above system architecture includes at least two electronic devices, and the first electronic device 10 and the second electronic device 20 communicate with each other. Or in some cases, the above-mentioned system architecture only includes electronic devices and cloud server 30, wherein the number of electronic devices is not less than one.

In some embodiments of the present application, the first electronic device 10 or the second electronic device 20 may be a portable electronic device that also includes other functions such as a personal digital assistant and/or a music player function, such as a wearable device with a wireless communication function (such as smart watches), etc. The portable electronic device described above may also be other portable electronic devices, such as a laptop computer (Laptop) or the like with a touch-sensitive surface (eg, a touch panel). It should also be understood that, in some other embodiments of the present application, the above-mentioned first electronic device 10 may not be a portable electronic device, but a desktop computer, a digital camera, a speaker, a smart screen, a car machine, or the like.

Please refer to FIG. 2 , taking the electronic device as a mobile phone as an example. Those skilled in the art can understand that the mobile phone shown in FIG. 2 is only an example and does not constitute a limitation on the mobile phone. The mobile phone may have more or fewer parts.

Exemplarily, FIG. 2 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

The electronic device may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2. Mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headphone jack 170D, sensor module 180, camera 193, display screen 194, etc.

It can be understood that the structures illustrated in the embodiments of the present invention do not constitute a specific limitation on the electronic device. In other embodiments of the present application, the electronic device may include more or less components than shown, or some components may be combined, or some components may be split, or different component arrangements. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The processor 110 may include one or more processing units, for example, the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), controller, video codec, digital signal processor (digital signal processor, DSP), baseband processor, and/or neural-network processing unit (neural-network processing unit, NPU), etc. Wherein, different processing units may be independent devices, or may be integrated in one or more processors.

A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in processor 110 is cache memory. This memory may hold instructions or data that have just been used or recycled by the processor 110 . If the processor 110 needs to use the instruction or data again, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby increasing the efficiency of the system.

In some embodiments, the processor 110 may include one or more interfaces. The interface may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous transceiver (universal asynchronous transmitter) receiver/transmitter, UART) interface, mobile industry processor interface (MIPI), general-purpose input/output (GPIO) interface, subscriber identity module (SIM) interface, and / or universal serial bus (universal serial bus, USB) interface, etc.

The charging management module 140 is used to receive charging input from the charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from the wired charger through the USB interface 130 . In some wireless charging embodiments, the charging management module 140 may receive wireless charging input through a wireless charging coil of the electronic device. While the charging management module 140 charges the battery 142 , it can also supply power to the electronic device through the power management module 141 .

The power management module 141 is used for connecting the battery 142 , the charging management module 140 and the processor 110 . The power management module 141 receives input from the battery 142 and/or the charging management module 140, and supplies power to the processor 110, the internal memory 121, the display screen 194, the camera 193, and the wireless communication module 160. The power management module 141 can also be used to monitor parameters such as battery capacity, battery cycle times, battery health status (leakage, impedance). In some other embodiments, the power management module 141 may also be provided in the processor 110 . In other embodiments, the power management module 141 and the charging management module 140 may also be provided in the same device.

The wireless communication function of the electronic device can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modulation and demodulation processor, the baseband processor, and the like.

Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in an electronic device can be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization. For example, the antenna 1 can be multiplexed into a diversity antenna of the wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 can provide a wireless communication solution including 2G/3G/4G/5G etc. applied on the electronic device. The mobile communication module 150 may include one or more filters, switches, power amplifiers, low noise amplifiers (LNAs), and the like. The mobile communication module 150 can receive electromagnetic waves from the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modulation and demodulation processor for demodulation. The mobile communication module 150 can also amplify the signal modulated by the modulation and demodulation processor, and then turn it into an electromagnetic wave for radiation through the antenna 1 . In some embodiments, at least part of the functional modules of the mobile communication module 150 may be provided in the processor 110. In some embodiments, at least part of the functional modules of the mobile communication module 150 may be provided in the same device as at least part of the modules of the processor 110 .

The modem processor may include a modulator and a demodulator. Wherein, the modulator is used to modulate the low frequency baseband signal to be sent into a medium and high frequency signal. The demodulator is used to demodulate the received electromagnetic wave signal into a low frequency baseband signal. Then the demodulator transmits the demodulated low-frequency baseband signal to the baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and passed to the application processor. The application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or videos through the display screen 194 . In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be independent of the processor 110, and may be provided in the same device as the mobile communication module 150 or other functional modules.

The wireless communication module 160 can provide applications on electronic devices including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite systems ( global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field communication technology (near field communication, NFC), infrared technology (infrared, IR) and other wireless communication solutions. The wireless communication module 160 may be one or more devices integrating one or more communication processing modules. The wireless communication module 160 receives electromagnetic waves via the antenna 2 , frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110 . The wireless communication module 160 can also receive the signal to be sent from the processor 110 , perform frequency modulation on it, amplify it, and convert it into electromagnetic waves for radiation through the antenna 2 .

In some embodiments, the antenna 1 of the electronic device is coupled with the mobile communication module 150, and the antenna 2 is coupled with the wireless communication module 160, so that the electronic device can communicate with the network and other devices through wireless communication technology. The wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), broadband Code Division Multiple Access (WCDMA), Time Division Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE), BT, GNSS, WLAN, NFC , FM, and/or IR technology, etc. The GNSS may include global positioning system (global positioning system, GPS), global navigation satellite system (global navigation satellite system, GLONASS), Beidou navigation satellite system (beidou navigation satellite system, BDS), quasi-zenith satellite system (quasi satellite system) -zenith satellite system, QZSS) and/or satellite based augmentation systems (SBAS).

The electronic device realizes the display function through the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.

Display screen 194 is used to display images, videos, and the like. Display screen 194 includes a display panel. The display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode or an active-matrix organic light-emitting diode (active-matrix organic light). emitting diode, AMOLED), flexible light-emitting diode (flex light-emitting diode, FLED), Miniled, MicroLed, Micro-oLed, quantum dot light-emitting diode (quantum dot light emitting diodes, QLED) and so on. In some embodiments, the electronic device may include 1 or N display screens 194 , where N is a positive integer greater than 1.

The electronic device can realize the shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194 and the application processor. The ISP is used to process the data fed back by the camera 193 . For example, when taking a photo, the shutter is opened, the light is transmitted to the camera photosensitive element through the lens, the light signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing, and converts it into an image visible to the naked eye. ISP can also perform algorithm optimization on image noise, brightness, and skin tone. ISP can also optimize the exposure, color temperature and other parameters of the shooting scene. In some embodiments, the ISP may be provided in the camera 193 .

Camera 193 is used to capture still images or video. The object is projected through the lens to generate an optical image onto the photosensitive element. The photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, and then transmits the electrical signal to the ISP to convert it into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. DSP converts digital image signals into standard RGB, YUV and other formats of image signals. In some embodiments, the electronic device may include 1 or N cameras 193 , where N is a positive integer greater than 1.

A digital signal processor is used to process digital signals, in addition to processing digital image signals, it can also process other digital signals. For example, when the electronic device selects the frequency point, the digital signal processor is used to perform Fourier transform on the frequency point energy, etc.

Video codecs are used to compress or decompress digital video. An electronic device may support one or more video codecs. In this way, the electronic device can play or record videos in various encoding formats, such as: moving picture experts group (moving picture experts group, MPEG) 1, MPEG2, MPEG3, MPEG4 and so on.

The external memory interface 120 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device. The external memory card communicates with the processor 110 through the external memory interface 120 to realize the data storage function. For example to save files like music, video etc in external memory card.

Internal memory 121 may be used to store one or more computer programs including instructions. The processor 110 may execute the above-mentioned instructions stored in the internal memory 121, thereby causing the electronic device to execute the screen projection display method provided in some embodiments of the present application, as well as various functional applications and data processing. The internal memory 121 may include a storage program area and a storage data area. Wherein, the stored program area may store the operating system; the stored program area may also store one or more application programs (such as gallery, contacts, etc.) and the like. The storage data area can store data (such as photos, contacts, etc.) created during the use of the electronic device. In addition, the internal memory 121 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, universal flash storage (UFS), and the like. In other embodiments, the processor 110 executes the instructions stored in the internal memory 121 and/or the instructions stored in the memory provided in the processor, so that the electronic device performs the screen projection provided in the embodiments of the present application methods, as well as various functional applications and data processing.

The electronic device can implement audio functions through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone jack 170D, and the application processor. Such as music playback, recording, etc. The audio module 170 is used for converting digital audio information into analog audio signal output, and also for converting analog audio input into digital audio signal. Audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110 , or some functional modules of the audio module 170 may be provided in the processor 110 . Speaker 170A, also referred to as a "speaker", is used to convert audio electrical signals into sound signals. The electronic device can listen to music through speaker 170A, or listen to hands-free calls. The receiver 170B, also referred to as "earpiece", is used to convert audio electrical signals into sound signals. When the electronic device answers a call or a voice message, the voice can be received by placing the receiver 170B close to the human ear. Microphone 170C, also known as "microphone" and "microphone", is used to convert sound signals into electrical signals. When making a call or sending a voice message, the user can make a sound through the human mouth close to the microphone 170C, and input the sound signal into the microphone 170C. The electronic device may be provided with one or more microphones 170C. In other embodiments, the electronic device may be provided with two microphones 170C, which can implement a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device may further be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions. The earphone jack 170D is used to connect wired earphones. The earphone interface 170D may be the USB interface 130, or may be a 3.5mm open mobile terminal platform (OMTP) standard interface, a cellular telecommunications industry association of the USA (CTIA) standard interface.

The sensor module 180 may include a pressure sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a distance sensor, a proximity light sensor, a fingerprint sensor, a temperature sensor, a touch sensor, an ambient light sensor, a bone conduction sensor, and the like. The touch sensor can be arranged on the display screen, and the touch screen is composed of the touch sensor and the display screen, also called "touch screen".

In addition, the above electronic device may also include one or more components such as a button, a motor, an indicator, and a SIM card interface, which are not limited in this embodiment of the present application.

The software system of the electronic device may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. The embodiments of the present application take an Android system with a layered architecture as an example to exemplarily describe the software structure of an electronic device.

Please refer to FIG. 3 , which is a block diagram of a software structure of an electronic device in an embodiment of the present application.

The layered architecture divides the software into several layers, and each layer has a clear role and division of labor. Layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, which are, from top to bottom, an application layer, an application framework layer, an Android runtime (Android runtime) and a system library, and a kernel layer.

The application layer can include a series of application packages. As shown in Figure 3, the application package may include applications such as camera, gallery, calendar, call, map, navigation, WLAN, Bluetooth, music, video, short message, and services.

In some embodiments of the present application, the application layer is mainly responsible for the presentation of the Settings UI, and the above-mentioned Settings UI can be used for the user to set the data data protection function of the electronic device. For example, users can turn on or off the data protection function in the Settings UI.

The application framework layer provides an application programming interface (application programming interface, API) and a programming framework for applications in the application layer. The application framework layer includes some predefined functions.

As shown in Figure 3, the application framework layer may include window managers, content providers, view systems, telephony managers, resource managers, notification managers, and the like.

A window manager is used to manage window programs. The window manager can get the size of the display screen, determine whether there is a status bar, lock the screen, take screenshots, etc.

Content providers are used to store and retrieve data and make these data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone book, etc.

The view system includes visual controls, such as controls for displaying text, controls for displaying pictures, and so on. View systems can be used to build applications. The display interface may include one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The phone manager is used to provide the communication function of the electronic device. For example, the management of call status (including connecting, hanging up, etc.).

The resource manager provides various resources for the application, such as localization strings, icons, pictures, layout files, video files and so on.

The notification manager enables applications to display notification information in the status bar, which can be used to convey notification-type messages, and can disappear automatically after a brief pause without user interaction. For example, the notification manager is used to notify download completion, message reminders, etc. The notification manager can also display notifications in the status bar at the top of the system in the form of graphs or scroll bar text, such as notifications of applications running in the background, and notifications on the screen in the form of dialog windows. For example, text information is prompted in the status bar, a prompt sound is issued, the electronic device vibrates, and the indicator light flashes.

In the embodiments of this application, the data protection function can be implemented as a function of the electronic device, or can be implemented as a sub-function of the original data protection in the electronic device, for example, the data protection function can be implemented as a sub-function of the service application function of Huawei mobile phones , or as a function of the maintenance mode function of Huawei mobile phones.

Android Runtime includes core libraries and a virtual machine. Android runtime is responsible for scheduling and management of the Android system.

The core library consists of two parts: one is the function functions that the java language needs to call, and the other is the core library of Android.

The application layer and the application framework layer run in virtual machines. The virtual machine executes the java files of the application layer and the application framework layer as binary files. The virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, safety and exception management, and garbage collection.

A system library can include multiple functional modules. For example: surface manager (surface manager), media library (Media Libraries), 3D graphics processing library (eg: OpenGL ES), 2D graphics engine (eg: SGL), etc. The Surface Manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications. The media library supports playback and recording of a variety of commonly used audio and video formats, as well as still image files. The media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc. The 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing. 2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is the layer between hardware and software. The kernel layer contains at least display drivers, camera drivers, audio drivers, and sensor drivers.

In the following, the workflow of the software and hardware of the electronic device will be exemplarily described in conjunction with the capturing and photographing scene.

When the touch sensor receives a touch operation, the corresponding hardware interrupt is sent to the kernel layer. The kernel layer processes touch operations into raw input events (including touch coordinates, timestamps of touch operations, etc.). Raw input events are stored at the kernel layer. The application framework layer obtains the original input event from the kernel layer, and identifies the control corresponding to the input event. Taking the touch operation as a touch click operation and the control corresponding to the click operation being the control of the service application icon, the service application invokes the interface of the application framework layer, starts the service application, and provides the user with a data protection function.

It should be emphasized that FIG. 3 is only a schematic example; the software structure of the electronic device provided by the embodiments of the present application may also adopt other software architectures, such as

The software architecture of Linux or other operating systems.

In the prior art, when an electronic device fails, the user sends the electronic device to maintenance personnel for maintenance. At this time, the maintenance personnel need to ask the user for a corresponding password, such as a power-on password, to unlock the electronic device. After unlocking the electronic device , maintenance personnel can obtain the private data in the electronic device, such as viewing chat records, exporting pictures in the gallery, etc., resulting in leakage of users' personal privacy data. Or, in some cases, when the user's electronic device is used by other personnel, other personnel may also obtain private data such as chat records in the electronic device.

To this end, this application proposes a data protection method for protecting the private data of an electronic device. Other personnel can operate the electronic device and use the original functions of the electronic device, but the private data in the electronic device is safely isolated. Others cannot access the user's private data in the electronic device.

Example 1

Please refer to FIG. 4 , which is a schematic flowchart of a data protection method provided by an embodiment of the present application. The method can be applied to an electronic device or a cloud server, and the method includes:

Step S40: Receive first data for indicating entering the maintenance mode.

In this embodiment of the present application, the electronic device or the cloud server may receive first data from other electronic devices, where the first data is used to trigger the electronic device or cloud server that has received the first data to enter the maintenance mode. If the first electronic device receives the first data from the second electronic device when the first electronic device is communicatively connected to the second electronic device, the first electronic device enters the maintenance mode according to the received first data. When the cloud server is in communication connection with the first electronic device, the cloud server receives the first data sent from the first electronic device, and the cloud server enters the maintenance mode according to the received first data. That is, the electronic device or the cloud server may receive the first data sent from other electronic devices in the network, where the other electronic devices in the network may include the electronic device and the cloud server. The electronic device or the cloud server can also directly receive the first data input from the user, such as the first data input through the UI interface, then the electronic device or the cloud server enters the maintenance mode according to the received first data , which is not specifically limited in this application.

Exemplarily, the electronic device is a mobile phone, and the mobile phone receives the first data input from the user. Before entering the maintenance mode, the main interface of the mobile phone is the first main interface 12 , as shown in FIG. The status bar 11 may include the operator's name (for example, China Mobile), time, signal strength, and current remaining power. The first main interface 12 includes applications, and these applications include embedded applications and downloadable applications. As shown in FIG. 5a, the first main interface 12 includes a calendar icon 501, a clock icon 502, a service icon 503, a mailbox icon 504, chat software icon 505, memo icon 506, and so on. The Dock bar 13 includes commonly used applications, such as a phone icon 507 , an information icon 508 and a camera icon 509 .

The user clicks the service icon 503 on the first main interface 12 to enter the service application. The service application presents the service application interface, as shown in FIG. 5b, including the status bar 11 and the service application interface 14. The status bar 11 is similar to FIG. 5a, and here No longer. The service application interface 14 includes corresponding service function icons, such as a door-to-door service icon 513 , an eco-friendly recycling icon 523 and a maintenance mode icon 533 . The user clicks the maintenance mode icon 533, and the user inputs an instruction instructing the mobile phone to enter the maintenance mode, that is, inputting the first data to the mobile phone to trigger the mobile phone to enter the maintenance mode. After receiving the first data, the mobile phone enters the maintenance mode. In this embodiment of the present application, the first data includes information used to instruct a certain electronic device to enter a maintenance mode.

Step S41: Enter the maintenance mode according to the first data, and encrypt the private data.

In this embodiment of the present application, privacy data is determined, and then a secure encryption algorithm is used to encrypt the determined privacy data, so as to realize all-round isolation of the privacy data. Private data can be related to user personal privacy, such as user personal information, or user sensitive data. Private data can be understood as the data recorded by the user's operations on a new electronic device. The privacy data includes but is not limited to applications downloaded by users or data generated by users using applications, such as third-party software downloaded by users, or data entered by users on third-party software, or data generated by users on embedded applications Input data, or data received by users through third-party software, or data received by users through embedded applications, etc.

Exemplarily, the privacy data includes application programs downloaded by the user, such as payment software, social software, and photography and beautification software, and the privacy data includes data generated by the user using third-party applications, such as chat records on social software, Take pictures or videos taken by users on the beautification software. The privacy data includes the data generated by the user using the embedded application, such as pictures or videos on the local photo album of the mobile phone, mail data on the mail, data recorded on the memo, contact information recorded on the address book and records on the recording. voice, etc.

In the embodiments of the present application, the algorithms for encrypting the determined privacy data include but are not limited to AES256, RSA1024, etc., which are not specifically limited in the present application.

Step S42: Save the privacy data and initialize the interface to factory settings.

In the embodiment of the present application, when the electronic device enters the maintenance mode, the electronic device can encrypt the private data and save it in a preset storage space, or save the private data in a preset storage space. When the electronic device enters the maintenance mode or is in the maintenance mode, the preset storage space in the electronic device cannot be accessed, and the interface of the electronic device is "initialized" to the factory settings, that is, the relevant privacy data is hidden and cannot be accessed through the interface of the electronic device. Enter the preset storage space, and then cannot obtain private data through application access. That is, after the interface of the electronic device is initialized, the private data is hidden from display, the downloaded application is hidden and cannot be accessed, and the data recorded on the embedded application is also hidden from display. When the electronic device exits the maintenance mode, the preset storage space in the electronic device will be released, the private data saved in the preset storage space can be restored, and the interface of the electronic device is also restored to the electronic device entering the maintenance mode. Before, users could obtain private data through the application.

Exemplarily, taking the electronic device as a mobile phone, the first main interface 12 before the mobile phone enters the maintenance mode is shown in Fig. 5a. After the mobile phone enters the maintenance mode, the main interface of the mobile phone is the second main interface 15, and the second main interface 15 is shown in FIG. 6a. After the mobile phone enters the maintenance mode, the original mailbox icon 504 and chat software icon 505 on the first main interface 12 are not displayed on the second main interface 15, the mailbox and chat software applications are hidden, and the user cannot find the downloaded application software by operating the mobile phone . In one of the possible implementations, the first main interface 12 is originally set with a wallpaper, and after entering the maintenance mode, the wallpaper on the second main interface 15 is initialized to the wallpaper of the mobile phone when it leaves the factory.

In one of the possible implementations, the data that the user operates on the embedded application will also be hidden. Some note information recorded by the user on the memo, as shown in FIG. 6a, the user clicks the memo icon 506 on the second main interface 15 to enter the memo application. The mobile phone does not enter the maintenance mode. As shown in FIG. 6b , the application interface of the memo on the mobile phone is the memo first application interface 16 , and corresponding note information is displayed in the memo first application interface 16 . After the mobile phone enters the maintenance mode, as shown in FIG. 6 c , the application interface of the memo is the second memo application interface 17 , and the note information will also be hidden in the second memo application interface 17 . In one of the possible implementations, the user saves picture or video information in the gallery, and after the mobile phone enters the maintenance mode, the data originally saved to the gallery by the user is hidden, and the picture or video cannot be viewed.

Step S43: Provide inspection authority to implement maintenance inspection of the electronic device.

In the embodiment of the present application, when the electronic device needs to be detected, a detection authority may also be provided for the detection device, so that the detection device can detect the electronic device and realize maintenance and detection of the electronic device. Detection permissions include but are not limited to device detection interface permissions, device node access permissions, and log storage area access permissions. Exemplarily, the interface of the electronic device can be tested by providing the permission to detect the interface, so as to detect the interaction points between other external systems and the electronic device system and between various subsystems inside the electronic device system. The device node access authority can be provided to access the device in the electronic device, the device represented by the device node can be determined through the device node, and the device can be detected. Providing access rights to the log storage area can provide access rights to the public log area of the electronic device to obtain relevant log information. Set access control permissions to the public log area. For example, in maintenance mode, there are corresponding applications that can have access control permissions to the public log area. A corresponding application in the maintenance mode may be that the data protection function of the present application is implemented as a sub-function of the service application function in FIG. 5a, such as "maintenance mode". It is also possible to implement the data protection function of the present application as an application, for example, as a "maintenance mode" application, and the corresponding application in the maintenance mode can be a third-party software or an embedded application. Exemplarily, there is a "maintenance mode application" on the electronic device, and permissions are set for the user ID (User ID, UID) or group ID (Group ID, GID) of the maintenance mode application, such as allowing the maintenance mode application GID=1000_127 Apps access the public log area. When the user clicks the maintenance mode application, the public log area can be accessed through the maintenance mode application.

Exemplarily, when it is necessary to detect whether the camera of the electronic device can shoot, the camera permission needs to be provided to the detection device, so that the detection personnel can control the detection device to detect the function of the camera of the electronic device.

Step S44: Provide a maintenance detection space and open the access authority of the maintenance detection space to trusted devices of the electronic device.

In this embodiment of the present application, when the electronic device needs to be detected, the electronic device may also provide a maintenance and detection space, and a new space, ie a maintenance and detection space, is applied for in the storage area of the electronic device, and the maintenance and detection space can be used in the storage area of the electronic device. The maintenance detection data is stored during maintenance detection, and the data generated in the maintenance mode is stored in the maintenance detection space.

Step S45: Provide a maintenance mode space for caching data of the currently running application.

In this embodiment of the present application, when the content of the application currently running on the electronic device needs to be cached, a maintenance mode space is provided so that after the electronic device enters the maintenance mode, the content of the currently running application can also be cached in the maintenance mode space middle. Specifically, it is detected that there is a running application in the current electronic device, and another new memory space is applied for, that is, the maintenance mode space, and the content of the currently running application is cached in the maintenance mode space, so that after entering the maintenance mode, the automatic Generate a file directory in the maintenance mode, create a path of the maintenance mode, point to the maintenance mode space, to read the database and playlist information from the maintenance mode space, and directly read the content of the application in the maintenance mode, where the application can be Video playback application, so that after entering the maintenance mode, you can continue to play the corresponding video.

It can be understood that the steps performed in entering the maintenance mode include but are not limited to the above steps and sequences. In some scenarios, the execution steps may be appropriately adjusted or the corresponding steps may be appropriately reduced. It can be understood that the above steps can also be performed when in the maintenance mode.

Please refer to Fig. 7a and Fig. 7b together. Fig. 7a is a scenario in which a common application accesses data after the mobile phone enters the maintenance mode. The application can access the maintenance detection space. The common application refers to an application other than the maintenance mode application among the applications on the mobile phone after the electronic device enters the maintenance mode. Figure 7b is a scenario where the maintenance mode application accesses data after the mobile phone enters the maintenance mode. In this scenario, the maintenance mode application cannot access the private data stored in the mobile phone owner, but the maintenance mode application can access the maintenance detection space and log storage content in the area. That is, after entering the maintenance mode, when the operator operates the electronic device, he cannot access the owner's private data through ordinary applications, but can access the maintenance detection space through ordinary applications. The relevant data of the camera is stored in the maintenance and inspection space. The log storage area is also accessible for service mode applications. As shown in Figure 7a and Figure 7b, after the mobile phone enters the maintenance mode, the private data is encrypted and stored in the preset storage space, and the private data cannot be accessed through external commands. For example, the adb command cannot be used to obtain pictures or videos. Wait.

The data protection method of Embodiment 1 will be described in detail below with reference to specific application scenarios.

In the first scenario, the user sends the mobile phone with a faulty camera for repair. The user clicks the maintenance mode application on the mobile phone, and the mobile phone enters the maintenance mode, and the user's private data on the mobile phone is hidden. When the maintenance personnel repair the mobile phone The user's private data cannot be viewed. However, the mobile phone provides device detection interface permissions, device node access permissions, and log storage area access permissions. Maintenance personnel can test the camera. After repairing the mobile phone, the user exits the maintenance mode, and the data in the mobile phone is restored. The user can use the mobile phone normally and access Privacy Data.

In the second scenario, the user gives his tablet to a friend to play, but the user does not want the friend to see his personal privacy data, then the user can set the tablet to maintenance mode, then the user's friend cannot access the user's personal privacy data, but can. When using the tablet, for example, you can use the applications in it normally, such as phone calls, text messages, calendars, cameras, etc., but you cannot access the data of the application, such as the information received and sent by the user through the SMS application. In the maintenance mode, you can also re-download the application and use it, such as re-downloading the chat software, but there is no data in the chat software. Before entering the maintenance mode, the tablet plays the video normally. After entering the maintenance mode, the data corresponding to the video is cached in the maintenance mode space, and the relevant database and playlist information are read from the maintenance mode space, and the video can still be played normally. After the user device exits the maintenance mode, the hidden data of the tablet is restored, and the private data can be accessed through the app.

When implementing the embodiments of the present application, the inventor finds that the above-mentioned data protection only realizes data protection for a single electronic device. The interconnection between electronic devices can access data obtained from one electronic device to another electronic device. For example, when a communication connection is established between the mobile phone and the tablet, and the mobile phone can access the data of the tablet, when the mobile phone is sent for maintenance, even if the mobile phone enters the maintenance mode, the maintenance personnel can obtain the data on the tablet through the mobile phone.

To this end, this application proposes another data protection method for protecting the privacy data of electronic devices in the network. Other personnel can operate and use an electronic device, but the electronic device and other electronic devices networked with the electronic device are The private data of the network is securely isolated, and other personnel cannot access the private data of users in other electronic devices in the network.

Embodiment 2

Please refer to FIG. 8 , which is a schematic flowchart of another data protection method provided by an embodiment of the present application. The method can be applied to an electronic device or a cloud server, and the method includes:

Step S81: The first electronic device sends a connection request to the second electronic device.

In this embodiment of the present application, the first electronic device may include a terminal device or a cloud device, and the second electronic device may include a terminal device or a cloud device, such as a cloud server. The connection request may include device information and account information of the first electronic device.

It can be understood that the number of electronic devices networked with the first electronic device is not specifically limited, for example, a third electronic device and a cloud server may also be included.

Step S82: The second electronic device responds to the connection request, and the first electronic device establishes a communication connection with the second electronic device.

In the embodiment of the present application, the second electronic device verifies the account information in the connection request to determine whether the first electronic device is an electronic device of the same account, and if it is an electronic device of the same account, it is determined that the first electronic device is an electronic device of the same account. An electronic device is a trusted device of the second electronic device. After verifying the account information, the second electronic device returns the information of successful verification to the first electronic device, and the first electronic device establishes a communication connection with the second electronic device. When the second electronic device fails to verify the account information, the second electronic device returns verification failure information to the first electronic device, and the first electronic device fails to establish a communication connection with the second electronic device.

It can be understood that, if the second electronic device is a trusted device of the first electronic device, the first electronic device establishes a communication connection with the second electronic device, that is, the communication connection includes after the first electronic device and the second electronic device are authenticated successfully. established communication connection.

In the embodiment of the present application, the electronic devices of the same account are mutually trusted devices, and the trusted devices may also include electronic devices that pass the verification after user authorization. A communication connection can be established between trusted devices. If a certain electronic device and another electronic device are not mutually trusted devices, the connection between the two electronic devices is disconnected.

In the embodiment of the present application, the connection manner between the first electronic device and the second electronic device includes wired connection or wireless connection.

In this embodiment of the present application, establishing a communication connection between the first electronic device and the second electronic device is not limited to the first electronic device sending a connection request to the second electronic device, but also the second electronic device sending a connection request to the first electronic device , the following steps can be performed after the communication is connected.

Step S83: Detecting the first trigger condition, the first electronic device sends first data to the second electronic device, wherein the first data is used to trigger the second electronic device to enter the maintenance mode.

In the embodiment of the present application, after the first electronic device and the second electronic device are authenticated successfully, and after the first electronic device detects the first trigger condition, the first electronic device sends the first data to the second electronic device. The first trigger condition includes that the first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode. The first data is used to trigger the second electronic device to enter the maintenance mode, and the first data may include the following information: the first electronic device enters the maintenance mode, or the first electronic device is currently in the maintenance mode, or the first electronic device is in the maintenance mode. An electronic device is currently in a maintenance detection state, wherein the first electronic device is currently in a maintenance detection state, that is, the first device is under maintenance detection by the detection device.

In this embodiment of the present application, the first electronic device sends the first data to the second electronic device to notify the current state of the second electronic device, for example, the first electronic device enters the maintenance mode, or the first electronic device currently In the maintenance mode, or the first electronic device is currently in a maintenance detection state, etc., to trigger the second electronic device to enter the maintenance mode.

Step S84: The second electronic device enters the maintenance mode according to the first data.

In the embodiment of the present application, the second electronic device enters the maintenance mode after receiving the first data. When the second electronic device obtains information that the first electronic device enters the maintenance mode from the first data, the second electronic device enters the maintenance mode. Or, when the second electronic device obtains information that the first electronic device is in the maintenance mode from the first data, the second electronic device enters the maintenance mode. Or, when the second electronic device obtains from the first data that the first electronic device is currently under maintenance detection, the second electronic device enters the maintenance mode. In this embodiment of the present application, when the first electronic device is currently in the maintenance mode, or when the first electronic device is currently in maintenance detection, or, the first electronic device enters the maintenance mode, the first electronic device is in the maintenance mode. The electronic device sends the first data to the second electronic device, and the second electronic device receives the first data sent by the first electronic device, and the second electronic device is triggered to enter the maintenance mode. That is, when the second electronic device is in the maintenance mode, or the first electronic device is in the maintenance detection state, or the first electronic device enters the maintenance mode, based on the interconnection between the electronic devices Intercommunication, the second electronic device is also triggered to enter the maintenance mode after receiving the first data, so as to protect the data of the second electronic device.

It can be understood that the first electronic device is in the maintenance mode, or the first electronic device enters the maintenance mode, or the first electronic device is currently undergoing maintenance testing, the first electronic device is in an unsafe environment, and the first electronic device is in a non-safe environment. The electronic device sends the first data to the electronic device that is networked with it, and the electronic device that is networked with it automatically enters the maintenance mode after receiving the first data, and performs the steps of the above-mentioned first embodiment to protect the network with the first electronic device. data in other electronic devices.

Step S85: Detecting a second trigger condition, the first electronic device sends second data to the second electronic device, where the second data is used to trigger the second electronic device to exit the maintenance mode.

In the embodiment of the present application, the second trigger condition includes that the first electronic device currently exits the maintenance mode, or the first electronic device currently exits the maintenance detection. The second data may include the following information: the first electronic device currently exits the maintenance mode, or the first electronic device currently exits the maintenance detection.

In this embodiment of the present application, the first electronic device sends second data to the second electronic device to notify the current state of the second electronic device, for example, the first electronic device currently exits the maintenance mode, or the first electronic device Currently exiting maintenance detection, etc., to trigger the second electronic device to exit the maintenance mode.

Step S86: the second electronic device exits the maintenance mode according to the second data.

In this embodiment of the present application, when the second electronic device obtains information that the first electronic device exits the maintenance mode from the second data, the second electronic device exits the maintenance mode. Or, when the second electronic device obtains the information that the first electronic device exits the maintenance detection from the second data, the second electronic device exits the maintenance mode. That is, when the second electronic device exits the maintenance mode, or the first electronic device exits maintenance detection, the second electronic device is triggered to exit the maintenance mode.

In this embodiment of the present application, when the first electronic device is in a non-secure environment (the first electronic device is currently in a maintenance mode, or the first electronic device is being inspected for maintenance, or the first electronic device enters a maintenance mode) , the second electronic device can enter the maintenance mode according to the first data of the first electronic device to protect the data of the second electronic device and avoid leaking the private data in the second electronic device through the communication connection with the first electronic device. When the first electronic device exits the maintenance state, the first electronic device is in a safe environment (the first electronic device exits the maintenance mode, or the first electronic device exits the maintenance detection), and the second electronic device follows according to the first electronic device. After sending the second data, the second electronic device also exits the maintenance mode to ensure that the second electronic device can be used normally.

The data protection method of the second embodiment will be described in detail below with reference to specific application scenarios.

Please refer to FIG. 9 , which is a schematic flowchart of another data protection method provided by an embodiment of the present application.

Step S91: After the TV device is started up, the network is formed.

In the embodiment of the present application, the network connection is disconnected after the TV device is turned off, and when the TV device is started, the TV device will request to establish a connection to perform networking.

Step S92: The TV device detects that the mobile phone in the network is in the maintenance mode.

In the embodiment of the present application, after the TV device sends a connection request to the mobile phone, it is known that the mobile phone is in the maintenance mode after receiving the first data sent by the mobile phone.

Step S93: The TV device determines whether to continue networking.

In the embodiment of the present application, the TV device determines whether to continue networking according to the user's instruction, and the TV device may display a prompt "The mobile phone in the network is in maintenance mode, whether it is necessary to continue networking". When the user clicks "No", the TV device stops networking, and the process ends.

Step S94: The television equipment continues to network, and enters the maintenance mode after receiving the first data.

In the embodiment of the present application, when the user clicks "Yes", the TV device continues to network, and the mobile phone detects that the TV device is networked, and sends the first data to the TV device. When the television equipment is networked, the first data sent by the mobile phone is received, and the television equipment enters the maintenance mode according to the first data.

Step S95: the television device receives the second data.

In the embodiment of the present application, after the repair of the mobile phone is completed, the mobile phone will broadcast the second data, and the TV device will receive the second data.

Step S96: the TV device exits the maintenance mode.

Steps In the embodiment of the present application, the TV device exits the maintenance mode according to the second data sent by the mobile phone.

It can be understood that the communication connection of multiple devices is not limited to the communication connection of the above-mentioned two electronic devices, and the first electronic device can also transmit the first data and/or the second data by broadcasting to inform the first electronic device that the current status is maintenance. state, so that other devices networked with the first electronic device also enter the maintenance mode.

Embodiment 3

Please refer to FIG. 10 , which is a schematic flowchart of another data protection method provided by an embodiment of the present application. The method is applied to an electronic device or a cloud server, and the method includes:

Step S101: The first electronic device broadcasts its connection request to the second electronic device, the third electronic device and the cloud server.

In this embodiment of the present application, the number of electronic devices networked with the first electronic device is not specifically limited, and the connection request may include device information and account information of the first electronic device.

Step S102: The second electronic device, the third electronic device and the cloud server respond to the connection request, and the second electronic device, the third electronic device and the cloud server all establish a communication connection with the first electronic device.

In the embodiment of the present application, the second electronic device, the third electronic device and the cloud server verify the account information in the connection request to determine whether the first electronic device is an electronic device of the same account, so as to determine whether the first electronic device is an electronic device of the same account. Whether the electronic device is a trusted device. When the first electronic device is a trusted device of the second electronic device, the first electronic device establishes a communication connection with the second electronic device, and the third electronic device and the cloud server establish a communication connection with the first electronic device similarly. Repeat.

Step S103: Detecting the first trigger condition, the first electronic device sends first data to the second electronic device, the third electronic device and the cloud server, where the first data is used to trigger the second electronic device, the third electronic device and the cloud server The server enters maintenance mode.

Step S104: The second electronic device, the third electronic device and the cloud server all enter the maintenance mode according to the first data.

Step S105: Detecting the second trigger condition, the first electronic device sends second data to the second electronic device, the third electronic device and the cloud server, where the second data is used to trigger the second electronic device, the third electronic device and the cloud server The server is out of service.

Step S106: The second electronic device, the third electronic device and the cloud server all exit the maintenance mode according to the second data.

The data protection method of Embodiment 3 will be described in detail below in combination with specific application scenarios.

Referring to Figure 11, the user's mobile phone establishes a communication connection with the tablet and the cloud server, and the data of the cloud server can be accessed through the mobile phone and tablet. Based on the interconnection, the mobile phone and the tablet can mutually access data.

If the mobile phone in the network fails, the user sends the faulty mobile phone for repair. The maintenance personnel can input commands, such as adb commands, to the tablet and cloud server through the detection channel between the detection device and the mobile phone, and let the mobile phone go to the tablet and cloud server. Specify the directory to get the data out.

Please refer to Figure 11. The user sets the mobile phone to maintenance mode, and the maintenance personnel may not be able to obtain the private data in the mobile phone.

The mobile phone broadcasts the first data to the tablet and cloud server in the network to inform the tablet and cloud server in the network that the mobile phone is currently in maintenance mode. After the tablet and cloud server receive the broadcast information from the mobile phone, both the tablet and the cloud server automatically enter the maintenance mode. Mode, the cloud server applies for a new space as the maintenance and inspection space, so that the mobile phone and tablet can access the maintenance and inspection space, and the tablet can also apply for a new space as the maintenance and inspection space, so that the mobile phone can access the maintenance and inspection space. Maintenance personnel cannot obtain the private data of the tablet networked with the mobile phone and the cloud server through the mobile phone. After the mobile phone is repaired, the user takes the repaired mobile phone and exits the mobile phone from maintenance mode, then the mobile phone broadcasts its second data to the tablet and cloud server, informing the tablet and cloud server in the network that the mobile phone is currently out of maintenance mode, and both the tablet and the cloud server are out of maintenance mode. Exiting the maintenance mode according to the second data, the devices in the mobile phone network can communicate and access data normally. The tablet and cloud server can release the applied maintenance testing space, and the tablet can also display a prompt to prompt the user whether to save the data in the maintenance testing space.

In the embodiment of the present application, when an electronic device in the network is in the maintenance mode, or the electronic device enters the maintenance mode, or is being maintained, other electronic devices and the cloud server in the network will automatically enter the maintenance mode , thereby realizing data protection for electronic devices in the network.

When implementing the embodiments of the present application, the inventor finds that in some scenarios, collaborative detection between multiple devices and joint problem diagnosis of multiple devices are required. At this time, there is a possibility of data leakage. If there is a problem with the screen function, it is necessary to detect the screen projection function of the mobile phone and the smart screen at the same time to determine the problem. At this time, it is necessary to communicate and connect the mobile phone and the smart screen, and at the same time detect the screen projection function of the mobile phone and the smart screen. Based on the interconnection between the mobile phone and the smart screen, data can be accessed between the mobile phone and the smart screen, and remote communication can be performed. The user takes the mobile phone to the maintenance personnel for maintenance, and the maintenance personnel can remotely detect the smart screen through the mobile phone. mode, but the smart screen is not in data protection state.

To this end, the present application proposes another data protection method, which is used to protect the privacy data of electronic devices in the network in the multi-device joint problem diagnosis, and other personnel cannot access the privacy data of users in the electronic devices in the network.

Embodiment 4

Please refer to FIG. 12 , which is a schematic flowchart of another data protection method provided by an embodiment of the present application. The method is applied to an electronic device or a cloud server, and the method includes:

Step S120: The first electronic device establishes a communication connection with a second electronic device, wherein the second electronic device is a trusted device of the first electronic device.

Step S121: The first electronic device receives the first data sent by the second electronic device, where the first data is used to trigger the first electronic device to enter the maintenance mode.

In the embodiment of the present application, the second electronic device detects a first trigger condition, the second electronic device sends first data to the first electronic device, and the first trigger condition includes that the second electronic device is in a maintenance detection state, Either the second electronic device is in the maintenance mode, or the second electronic device enters the maintenance mode, and the first trigger condition further includes that the second electronic device requests the first electronic device to provide detection authority . That is, when the second electronic device is in a maintenance detection state, and the second electronic device requests the first electronic device to provide a detection right, the second electronic device sends the first data. Or, when the second electronic device is in the maintenance mode, and the second electronic device requests the first electronic device to provide detection authority, the second electronic device sends the first data. Or, when the second electronic device enters the maintenance mode, and the second electronic device requests the first electronic device to provide detection authority, the second electronic device sends the first data.

In this embodiment of the present application, the second electronic device requests the first electronic device to provide the first electronic device with detection authority, so that the detection device can perform maintenance detection on the first electronic device, or the detection device can perform maintenance detection on the first electronic device through the second electronic device. The electronic device performs maintenance detection on the first electronic device.

Step S122: the first electronic device enters a maintenance mode according to the first data.

In one possible implementation manner, the second electronic device sends a first data packet to the first electronic device, so that the first electronic device can receive the first data.

Exemplarily, a schematic diagram of the partial structure of the first data packet is given, as follows:

{

Interaction type: detection request (diagRequest)

Current Mode: Maintenance Mode (uid127)

}

Correspondingly, the first electronic device parses the first data packet, and returns the information to the second electronic device as follows:

{

Interaction Type: Detection Request (diagRequest)

Current Mode: Maintenance Mode (uid127)

Access status: ready (ready)

}

When the first electronic device parses that the command format is maintenance mode and the interaction type is detection request, it requests the first electronic device to provide detection authority, the first electronic device switches to maintenance mode, and returns a command to the second electronic device to inform The second electronic device is ready to enter the maintenance mode of the first electronic device.

Embodiment 2, Embodiment 3 and Embodiment 4 are similar in that, when other electronic devices in the network are in the maintenance detection state or in the maintenance mode or enter the maintenance mode, the first data sent by the electronic device in the network is received. , so as to switch to the maintenance mode according to the first data. The difference between Embodiment 4 and Embodiment 2 and Embodiment 3 is that in addition to the information on the status of the second electronic device in the network, the first data also includes information requesting the first electronic device to provide detection authority, that is, the information in the network is included. When the second electronic device is in the maintenance detection state or in the maintenance mode or enters the maintenance mode, the first electronic device receives the first data of the second electronic device, and according to the first data knows that the second electronic device is in the maintenance detection state or in the maintenance mode Or enter the maintenance mode, and the second electronic device requests the first electronic device to provide detection authority, and the first electronic device enters the maintenance mode.

The data protection method of the fourth embodiment will be described in detail below with reference to specific application scenarios.

Please refer to Figure 13, the mobile phone and the smart screen are networked, the user sends the faulty mobile phone to the maintenance personnel for maintenance, the mobile phone enters the maintenance mode, the smart screen receives the broadcast information sent by the mobile phone, and knows that the mobile phone is in the maintenance mode, but the smart screen still Not entering service mode. The mobile phone receives the detection command sent from the detection device, and the mobile phone determines whether to detect the smart screen in the network according to the detection command. The detection device obtains the detection result of the mobile phone. When the smart screen in the network needs to be detected, the mobile phone sends the first data to the smart screen, the first data includes that the mobile phone is in maintenance mode and requests the smart screen to provide detection permission, and the smart screen obtains according to the first data that the mobile phone is in maintenance mode, and If the mobile phone requires the smart screen to provide detection permission, the smart screen will enter the maintenance mode. The smart screen detects that the application is currently running, applies for a memory space, that is, the memory space in maintenance mode, and caches the current application list and other data in the memory space in maintenance mode. Copy information such as playlists to the maintenance mode space to encrypt private data. The smart screen can also display a prompt to inform the user that the maintenance mode is about to be entered. The detection device remotely detects the smart screen through the mobile phone, and the content cached by the smart screen can continue to be played. When the test is over, the smart screen sends the test results to the mobile phone, and the mobile phone collects the test results of the smart screen and sends both the test results of the mobile phone and the smart screen to the testing device. At the end of the maintenance, the smart screen prompts the user to complete the access, and will automatically exit the maintenance mode.

The first data received by the above-mentioned electronic device and used to indicate entering the maintenance mode may come from the user's direct settings on the electronic device or may be data sent from other electronic devices, and the data sent from other electronic devices may include data sent by other electronic devices. The first data automatically sent when the first trigger condition is satisfied may also include the first data sent by the user to another electronic device through one electronic device.

In one of the scenarios, after the user sends the mobile phone for repair, it is found that he forgot to set the mobile phone to enter the maintenance mode. At this time, it is inconvenient to go back and set the mobile phone to enter the maintenance mode. To this end, the present application proposes another data protection method, by dynamically authorizing multiple devices in the network, so that the electronic device enters the maintenance mode according to the user's instruction.

Embodiment 5

Please refer to FIG. 14, which is a schematic flowchart of another data protection method provided by an embodiment of the present application. The method is applied to a first electronic device, and the method includes:

Step S141: Receive a first input command input by a user.

In this embodiment of the present application, the first input command may include a password, fingerprint information, gesture password, face information, etc., and the first input command is used to verify whether the user is the owner of the first electronic device.

Step S142: Determine whether the current user is the host according to the first input command.

In this embodiment of the present application, when the password matches the pre-stored password, it is determined that the current user is the host. When the fingerprint information matches the pre-stored fingerprint information, it is determined that the current user is the host. When the gesture password matches the pre-stored gesture password, it is determined that the current user is the host. When the face information matches the pre-stored face information, it is determined that the current user is the machine owner.

Step S143: If yes, obtain the master control authority, wherein the master control authority is used to set the authority of other electronic devices in the network.

In this embodiment of the present application, when the current user is the owner, the first electronic device obtains the master control authority, and the first electronic device is the master control device, that is, the user can set the authority of other electronic devices in the network through the master control device.

Step S144: Receive a second input instruction input by the user.

In the embodiment of the present application, the second input command is used to indicate the electronic device to be set and its corresponding permission, including the ID of the electronic device to be set and the permission corresponding to the electronic device.

Step S145: Send the corresponding permission setting information to the second electronic device according to the second input instruction, so that the second electronic device sets its permission according to the permission setting information.

In the embodiment of the present application, the first electronic device and the second electronic device are devices that log in with the same account, the second electronic device is a trusted device of the first electronic device, and the first electronic device establishes communication with the second electronic device connect. The first electronic device and the second electronic device may not be devices of the same account, and the second electronic device may be a trusted device authorized and verified by the user.

In this embodiment of the present application, the user inputs a second input command through the first electronic device, where the second input command is used to instruct the permission of the second electronic device to be set to the maintenance mode, that is, the first electronic device receives the user input The instruction instructing the second electronic device to enter the maintenance mode, the first electronic device sends data to the second electronic device to trigger the second electronic device to enter the maintenance mode.

The data protection method of the fifth embodiment will be described in detail below with reference to specific application scenarios.

The user sends the mobile phone for maintenance, but forgets to set the mobile phone to enter the maintenance mode. The device that the user can currently use is the tablet, the user enters the first input command on the tablet, and the tablet verifies that the current user is the owner. The permissions of other electronic devices in the network are set according to the second input command input by the user. The user inputs a second input command to the tablet, which is used to set the authority of the mobile phone with the same login account as the maintenance mode, then the second input command is a maintenance setting instruction, and the tablet receives the maintenance setting instruction input by the user, wherein the maintenance setting The instruction is used to instruct the mobile phone to enter the maintenance mode, and the tablet sends first data to the mobile phone according to the maintenance setting instruction, so that the mobile phone enters the maintenance mode according to the first data.

In the embodiment of the present application, the master control device can also set the authority of the non-login account device in the network. Please refer to Figure 15 together. The mobile phone, the watch and the smart screen are devices with the same login account. The mobile phone, the watch and the smart screen interact with each other. is a trusted device. The maintenance personnel use a different login account to check the watch on the device computer. The computer sends a connection request to the mobile phone, and a prompt appears on the interface of the mobile phone, whether to access the computer. After the user confirms access to the computer, the permission setting interface 18 shown in Figure 16 is presented. The permission setting interface 18 includes a status bar 11, an account number Information, device list of login account, device level, non-login device, connected device list, accessible devices including corresponding accessible devices selection box 19 and temporary permissions including corresponding temporary permissions selection box 20 .

The status bar 11 may include time, signal strength, and current remaining power, and the like. The account information is the user's login account name such as "Zhang San". The login device list shows the devices logged in to the same account and the device level of the device. For example, the devices currently logged in to the same account include mobile phones, watches, and smart screens. The device level of the mobile phone is the main control device, and the devices of the watch and smart screen. Class is slave device. Computers and tablets are included in the list of connected devices in non-logged in devices. There is a selection box at the corresponding accessible devices of the computer and tablet, and the user can operate the selection box to determine the accessible devices of the computer and tablet. There is a selection box at the temporary permission corresponding to the computer and tablet, and the user can operate the selection box to determine the temporary permission of the computer and tablet.

As shown in Fig. 17, the user clicks the accessible device selection box 19 at the corresponding computer on the permission setting interface 18, and the accessible devices of the computer include mobile phones, watches and smart screens. Click the temporary permission selection box 20, and the corresponding temporary permission pops up. Includes maintenance mode access and normal access. The devices that the user can access from the computer include watches, the temporary permissions corresponding to the user's computer include maintenance mode access, the devices that the user can access from the tablet include smart screens, and the temporary permissions corresponding to the user's tablet include normal access. , please also refer to Figure 18. After the computer obtains the authorization certificate sent by the mobile phone, the computer can access the watch, and it is accessed in maintenance mode. That is, when the computer and the watch establish a communication connection, the computer sends a connection request to the watch, the connection request includes the authorization certificate, the watch parses the authorization certificate, and obtains the maintenance mode access permission of the computer in the connection request, and the watch enters the watch according to the maintenance mode access permission of the computer. In maintenance mode, the watch responds to the connection request and sends data to the computer to inform it that it is ready for access, and the watch establishes a communication connection with the computer. By analogy, when a computer is authorized to access more electronic devices, it only needs to obtain authorization from the mobile phone master device to access other electronic devices, avoiding the need for mutual authentication for each electronic device in the same network. The computer sends the first data to the watch, the watch responds to the detection request type after receiving the first data, the watch provides the detection authority, and sends the detection result to the computer after the detection is completed.

After the computer completes the detection, the user cancels the authorization of the computer on the mobile phone, the mobile phone notifies the watch to exit the maintenance mode, and the watch exits the maintenance mode.

The access settings and access methods of the tablet are similar to those of the computer, and will not be repeated here. If the device accessible to the tablet is a smart screen, and the temporary permission is normal access, the tablet can communicate with the smart screen normally, and data can be shared between the tablet and the smart screen.

In this embodiment of the present application, after receiving the command input by the user, the first electronic device may send first data to other electronic devices networked with it, where the first data is used to instruct other electronic devices networked with it to enter maintenance mode, so that other electronic devices networked with it can enter the maintenance mode under the control of the user.

It will be apparent to those skilled in the art that the present application is not limited to the details of the above-described exemplary embodiments, but that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics of the present application. Therefore, as long as they are within the spirit and scope of the present application, appropriate changes and changes made to the above embodiments should fall within the scope of protection of the present application.

Claims

A data protection method, characterized in that, applied to a first electronic device, the method comprising:

establishing a communication connection between the first electronic device and the second electronic device, wherein the first electronic device is a trusted device of the second electronic device;

When a first trigger condition is detected, the first electronic device sends first data to the second electronic device, wherein the first data is used to trigger the second electronic device to enter a maintenance mode.
The method according to claim 1, wherein the first trigger condition comprises:

The first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode.
method according to claim 2, is characterized in that, described first trigger condition also comprises:

The first electronic device requests the second electronic device to provide detection authority.
The method according to claim 1, wherein the first trigger condition comprises:

The first electronic device receives an instruction input by a user instructing the second electronic device to enter a maintenance mode.
The method according to claim 2 or 3, wherein entering the maintenance mode of the first electronic device comprises:

Encrypt private data.
The method according to claim 2 or 3, wherein entering the maintenance mode of the first electronic device comprises:

A detection authority is provided to implement maintenance detection of the first electronic device.
The method according to claim 2 or 3, wherein entering the maintenance mode of the first electronic device comprises:

Provide maintenance and inspection space;

The access authority of the maintenance detection space is opened to the trusted device of the first electronic device.
A data protection method, characterized in that, applied to a second electronic device, the method comprising:

A second electronic device establishes a communication connection with the first electronic device, wherein the second electronic device is a trusted device of the first electronic device;

receiving first data sent by the first electronic device;

Enter the maintenance mode according to the first data.
The method according to claim 8, wherein the first data includes one of the following information: the first electronic device is in a maintenance detection state, the first electronic device is in a maintenance mode, the first electronic device is in a maintenance The device enters service mode.
The method according to claim 9, wherein the first data further comprises: information for requesting the second electronic device to provide detection authority.
The method according to claim 8, wherein the first data comprises: information input by a user for instructing the second electronic device to enter a maintenance mode.
The method according to any one of claims 8-11, wherein the entering the maintenance mode according to the first data comprises: encrypting private data.
The method according to any one of claims 8-12, wherein the entering the maintenance mode according to the first data further comprises: providing a detection authority to implement maintenance detection on the second electronic device.
The method according to any one of claims 8-13, wherein the entering the maintenance mode according to the first data further comprises:

Provide maintenance and inspection space;

The access authority of the maintenance detection space is opened to the trusted device of the second electronic device.
A data protection system, characterized in that it includes at least a first electronic device and a second electronic device;

establishing a communication connection between the first electronic device and the second electronic device, wherein the second electronic device is a trusted device of the first electronic device;

Detecting a first trigger condition, the first electronic device sends first data to the second electronic device;

the second electronic device receives the first data;

The second electronic device enters a maintenance mode according to the first data.
A data protection system, comprising a cloud server and at least one electronic device;

The cloud server establishes a communication connection with the at least one electronic device, wherein the cloud server is a trusted device of the at least one electronic device;

Detecting a first trigger condition, the at least one electronic device sends first data to the cloud server;

the cloud server receives the first data;

The cloud server enters a maintenance mode according to the first data.
A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program code, and when the computer program code is executed by a computing device, the computing device executes any of the above claims 1 to 14. one of the methods described.
An electronic device, characterized in that the electronic device includes a processor and a memory, the memory is used to store a set of computer instructions, and when the processor executes the set of computer instructions, the computing device executes the above The method of any one of claims 1 to 14.